CUTTER BUSINESS TECHNOLOGY JOURNAL VOL. 31, NO. 1
Cutter Senior Consultant James Mitchell turns to the flurry of attraction in the past year in securing public cloud service providers. Further validating this trend, he predicts that “the trend across the globe will be to go ‘all in’ on just a handful of hyperscale public cloud providers.” Mitchell further asserts that “this concentration of risk will become a focus of attention for those charged with mitigating ‘black swan’ risks to the global economy.”
The year 2017 saw a flurry of large enterprises announcing that they were going “all in” on their preferred public cloud provider. A prediction that this will continue into 2018 is therefore hardly a risky one. However, my prediction goes further. I predict that, this year, the trend across the globe will be to go “all in” on just a handful of hyperscale public cloud providers, all of them headquartered in the US. I further predict that this concentration of risk will become a focus of attention for those charged with mitigating “black swan” risks to the global economy.
In 2017, my colleagues and I designed, published, and scored an RFP for the provision of public cloud to a major organization that is a member of the UN. You can imagine that for such an organization, fairness — and, in fact, auditable fairness — was paramount in the design and scoring of this open international tender. The RFP secured a healthy number of responses, almost all of high quality. As the client was based in Europe, we secured a good number of responses from European companies, including smaller companies, as we had deliberately avoided placing unnecessary barriers to entry for smaller “challenger” cloud providers.
Having reviewed all the responses, there was no question that one of the market-leading hyperscale vendors would be selected, either directly or via one of the several channel partners that submitted proposals. The value that the tender brought was in identifying and fairly comparing cloud providers that could be leveraged in a manner complementary to use of those hyperscale vendors, reducing the risk of vendor lock-in and single supplier risk, as well as reducing the dependency upon a single technology stack and a single set of fairly rigid, standardized business processes.
If every organization in the world were to run an equally fair process, I would expect most organizations to select Amazon Web Services (AWS) first, with at least one other provider, usually selected from the other hyperscale providers (i.e., Microsoft Azure, Google Compute Platform, and IBM Bluemix/SoftLayer), as their disaster recovery, or business continuity, backup provider. The exception would be for workloads with overriding jurisdictional concerns or unusual use cases. In reality, most organizations do not have to run open international tenders and are simply following the trend to select the most overtly successful hyperscale cloud providers. When you consider this decision on an organization-by-organization basis, it is hard to argue against it.
However, what happens when all organizations follow the same logical process? What happens when they all do the right thing for their organization, and all end up with the same AWS-plus-one answer? Society ends up with AWS having more than 50% market share, with perhaps the other 50% split evenly between three other hyperscale providers and a handful of what will become niche players.
Market forces, cutthroat competition, and over a decade of 50% year-on-year organic growth of the cloud industry pioneer will have resulted in a global market that is more concentrated in the hands of a single vendor, using a single technology stack, than almost any other market you might care to compare it to.
Electricity markets are often cited as analogous to cloud computing markets, as for both, capacity is perishable, largely concentrated, not geographically distributed, delivered to large numbers of small remote users, and is usually consumed on demand under a pay-as-you-go pricing model. But when the Fukushima nuclear meltdown shut down all nuclear power in Japan, the lights did not go out because other types of generation were able to make up for the loss of 20% of Japan’s electricity generation capacity (see Figure 1).
Notably, the market share for global public cloud infrastructure as a service (IaaS) is becoming far more concentrated than that of the Japanese electricity generation market. Following the global financial crisis, there has been much concern and restructuring to reduce the reliance on banks that are “too big to fail.” In 2007, 53% of the US banking market was made up of the four biggest banks plus a slew of other “giant banks” (see Figure 2). The market share for global public cloud IaaS is becoming far more concentrated than that of the US banking sector just before the global financial crisis.
This concentration risk has not gone unnoticed by global organizations charged with keeping an eye out for the next systemic black swan risk to the global economy. The Financial Stability Board, which counts as its members the International Monetary Fund, the Bank of England, the US Federal Reserve Bank, and all the equivalent bodies from most countries globally, issued a report in June 2017 identifying “areas that merit authorities’ attention,” including “managing operational risk from third-party service providers,” which would include both specialist fintech companies offering software as a service (SaaS) and more generalist public cloud providers such as AWS and Microsoft Azure.
The European Commission is paying attention to this area, too. In fact, the group funded two years of my team’s research, in collaboration with Oxford University and other members of the CloudWATCH2 consortium, into a roadmap toward a cloud market encouraging price transparency, which looked into exactly this risk and how it could potentially be mitigated without resorting to anything too drastic.
To summarize my predictions, then, I expect AWS to continue to grow market share, with only a couple of other hyperscale vendors really keeping up. Indeed, I expect this to become a focus of attention for a wide range of regulatory and supervisory bodies around the world throughout 2018. Finally, because I have faith that Amazon really is the world’s most customer-centric company, I predict that AWS will take various actions to mitigate these potential black swan risks, so that the ongoing migration from inefficient private cloud to the hyperscale public cloud will be able to continue without either risking disruptive regulatory intervention or suffering an unmitigated worldwide systemic risk to our digital economies.